Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/99/7247b0-4989-43ea-9350-7a936751db1b/1/D2hB000xPlbBSZ6xgi4gfPCqlbE.roa
File:                     D2hB000xPlbBSZ6xgi4gfPCqlbE.roa (raw, json)
Hash identifier:          KlYhV9C+9GNNwheGn7iRVSX1lORaoc1ghtLAo+2XQg0=
Subject key identifier:   0F:68:41:D3:4D:31:3E:56:C1:49:9E:B1:82:2E:20:7C:F0:AA:95:B1
Certificate issuer:       /CN=1acb6376a1648d49d55e4d7b01371367b0dc2af9
Certificate serial:       01990E559E7EFFE4778157AD1B2035E069ED
Authority key identifier: 1A:CB:63:76:A1:64:8D:49:D5:5E:4D:7B:01:37:13:67:B0:DC:2A:F9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GstjdqFkjUnVXk17ATcTZ7DcKvk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/99/7247b0-4989-43ea-9350-7a936751db1b/1/D2hB000xPlbBSZ6xgi4gfPCqlbE.roa
Signing time:             Wed 03 Sep 2025 06:48:36 +0000
ROA not before:           Wed 03 Sep 2025 06:48:36 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     34450
IP address blocks:        91.149.229.0/24 maxlen: 24
                          91.149.230.0/24 maxlen: 24
                          91.149.231.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/99/7247b0-4989-43ea-9350-7a936751db1b/1/GstjdqFkjUnVXk17ATcTZ7DcKvk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/99/7247b0-4989-43ea-9350-7a936751db1b/1/GstjdqFkjUnVXk17ATcTZ7DcKvk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GstjdqFkjUnVXk17ATcTZ7DcKvk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 07 Sep 2025 02:00:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:0e:55:9e:7e:ff:e4:77:81:57:ad:1b:20:35:e0:69:ed
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1acb6376a1648d49d55e4d7b01371367b0dc2af9
        Validity
            Not Before: Sep  3 06:48:36 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0f6841d34d313e56c1499eb1822e207cf0aa95b1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:97:eb:bf:6a:33:48:b6:22:27:4d:1f:f1:52:
                    d1:e1:da:e3:d7:96:a2:86:d7:51:ba:12:b1:d7:60:
                    6d:c3:4e:48:8e:91:f1:52:9c:85:96:a0:23:39:a0:
                    32:21:00:1e:8f:c0:e6:d8:5f:22:55:69:28:e4:ef:
                    a2:5a:5d:83:5b:31:6c:a0:a1:b0:0e:e7:3a:24:b8:
                    54:70:c0:bc:d7:99:ae:ec:62:cb:c7:a7:f8:87:52:
                    c5:c0:b6:72:23:e7:54:9a:3c:2b:17:0c:57:f1:e2:
                    76:a4:bf:9f:fe:05:fa:50:77:0f:1a:85:87:6f:52:
                    7e:30:38:0e:98:1b:a8:56:ac:50:77:70:98:15:5e:
                    e9:70:15:3b:cf:0c:92:97:74:2b:94:5f:d7:7c:cf:
                    31:d8:f1:20:f4:de:e4:cc:5a:32:94:b9:09:6b:fd:
                    22:f2:5b:a7:f5:c6:e1:17:2e:c2:6f:af:f4:a2:c5:
                    9e:c0:8d:f7:71:72:5a:fc:6e:92:dd:c5:24:61:43:
                    c4:21:fc:6e:de:df:f3:b0:1b:f1:77:e7:62:ef:70:
                    eb:47:25:64:3d:fc:8e:a5:04:63:a6:0a:b1:b3:dc:
                    bd:9c:61:18:20:de:14:ee:92:24:05:60:5b:67:5b:
                    30:2e:f3:38:65:bb:a5:92:c8:c7:32:88:c2:c4:33:
                    6b:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0F:68:41:D3:4D:31:3E:56:C1:49:9E:B1:82:2E:20:7C:F0:AA:95:B1
            X509v3 Authority Key Identifier:
                keyid:1A:CB:63:76:A1:64:8D:49:D5:5E:4D:7B:01:37:13:67:B0:DC:2A:F9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GstjdqFkjUnVXk17ATcTZ7DcKvk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/99/7247b0-4989-43ea-9350-7a936751db1b/1/D2hB000xPlbBSZ6xgi4gfPCqlbE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/99/7247b0-4989-43ea-9350-7a936751db1b/1/GstjdqFkjUnVXk17ATcTZ7DcKvk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.149.229.0-91.149.231.255

    Signature Algorithm: sha256WithRSAEncryption
         39:e2:7f:e9:0c:a6:3d:7d:9e:80:84:c1:28:4d:d3:55:b5:b3:
         bc:f3:06:3d:8d:c2:f0:d9:15:d6:09:2e:cf:5f:30:03:9e:79:
         c5:7d:2d:28:29:18:d7:ba:7c:fe:96:e8:43:81:65:e9:8f:5c:
         74:37:6b:dc:5a:2b:32:97:ba:d4:dc:60:a3:f7:c9:0b:f9:2d:
         ae:df:25:60:a3:84:dc:9c:ad:52:54:fa:28:3c:15:b4:12:f9:
         1a:de:b8:3c:89:7e:82:c4:15:79:ce:c0:27:0a:c0:65:d2:20:
         2d:a1:48:cd:cb:c1:3d:93:63:13:2a:24:ed:df:fe:65:c1:b0:
         54:6c:22:0a:29:ea:66:df:38:b1:8c:d2:67:d9:fa:d5:5d:73:
         3d:9e:d2:19:47:f6:ae:02:0f:84:de:0d:c6:ae:e4:8b:20:76:
         4b:45:24:67:11:b2:6e:72:f7:d3:78:84:ca:4b:13:78:4a:7d:
         15:c1:75:9b:cf:f3:86:a9:76:f1:bf:6a:d2:50:36:08:2c:54:
         c9:8b:3b:81:a2:10:c7:92:c0:19:0c:da:3d:9e:a3:e6:63:88:
         ec:e6:fe:6d:62:dc:86:f7:ce:52:07:3b:39:0f:1b:47:69:10:
         b1:db:4b:5f:39:3e:b5:85:66:89:bb:1b:74:28:1e:4b:58:f6:
         5c:29:6b:88
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZkOVZ5+/+R3gVetGyA14GntMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFhY2I2Mzc2YTE2NDhkNDlkNTVlNGQ3YjAxMzcxMzY3YjBk
YzJhZjkwHhcNMjUwOTAzMDY0ODM2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZjY4NDFkMzRkMzEzZTU2YzE0OTllYjE4MjJlMjA3Y2YwYWE5NWIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA25frv2ozSLYiJ00f8VLR4drj15ai
htdRuhKx12Btw05IjpHxUpyFlqAjOaAyIQAej8Dm2F8iVWko5O+iWl2DWzFsoKGw
Duc6JLhUcMC815mu7GLLx6f4h1LFwLZyI+dUmjwrFwxX8eJ2pL+f/gX6UHcPGoWH
b1J+MDgOmBuoVqxQd3CYFV7pcBU7zwySl3QrlF/XfM8x2PEg9N7kzFoylLkJa/0i
8lun9cbhFy7Cb6/0osWewI33cXJa/G6S3cUkYUPEIfxu3t/zsBvxd+di73DrRyVk
PfyOpQRjpgqxs9y9nGEYIN4U7pIkBWBbZ1swLvM4ZbulksjHMojCxDNraQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFA9oQdNNMT5WwUmesYIuIHzwqpWxMB8GA1UdIwQY
MBaAFBrLY3ahZI1J1V5NewE3E2ew3Cr5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR3N0amRxRmtqVW5WWGsxN0FUY1RaN0RjS3ZrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OS83MjQ3YjAtNDk4OS00M2VhLTkzNTAt
N2E5MzY3NTFkYjFiLzEvRDJoQjAwMHhQbGJCU1o2eGdpNGdmUENxbGJFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OS83MjQ3YjAtNDk4OS00M2VhLTkzNTAtN2E5MzY3NTFkYjFi
LzEvR3N0amRxRmtqVW5WWGsxN0FUY1RaN0RjS3ZrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBABbleUD
BANbleAwDQYJKoZIhvcNAQELBQADggEBADnif+kMpj19noCEwShN01W1s7zzBj2N
wvDZFdYJLs9fMAOeecV9LSgpGNe6fP6W6EOBZemPXHQ3a9xaKzKXutTcYKP3yQv5
La7fJWCjhNycrVJU+ig8FbQS+RreuDyJfoLEFXnOwCcKwGXSIC2hSM3LwT2TYxMq
JO3f/mXBsFRsIgop6mbfOLGM0mfZ+tVdcz2e0hlH9q4CD4TeDcau5IsgdktFJGcR
sm5y99N4hMpLE3hKfRXBdZvP84apdvG/atJQNggsVMmLO4GiEMeSwBkM2j2eo+Zj
iOzm/m1i3Ib3zlIHOzkPG0dpELHbS185PrWFZom7G3QoHktY9lwpa4g=
-----END CERTIFICATE-----